dd-trace 4.14.0 → 4.15.0

package/index.d.ts

@@ -649,7 +649,7 @@ export declare interface DogStatsD {
    * Increments a metric by the specified value, optionally specifying tags.
    * @param {string} stat The dot-separated metric name.
    * @param {number} value The amount to increment the stat by.
-   * @param {[tag:string]:string|number} tags Tags to pass along, such as `[ 'foo:bar' ]`. Values are combined with config.tags.
+   * @param {[tag:string]:string|number} tags Tags to pass along, such as `{ foo: 'bar' }`. Values are combined with config.tags.
    */
   increment(stat: string, value?: number, tags?: { [tag: string]: string|number }): void
 
@@ -657,7 +657,7 @@ export declare interface DogStatsD {
    * Decrements a metric by the specified value, optionally specifying tags.
    * @param {string} stat The dot-separated metric name.
    * @param {number} value The amount to decrement the stat by.
-   * @param {[tag:string]:string|number} tags Tags to pass along, such as `[ 'foo:bar' ]`. Values are combined with config.tags.
+   * @param {[tag:string]:string|number} tags Tags to pass along, such as `{ foo: 'bar' }`. Values are combined with config.tags.
    */
   decrement(stat: string, value?: number, tags?: { [tag: string]: string|number }): void
 
@@ -665,7 +665,7 @@ export declare interface DogStatsD {
    * Sets a distribution value, optionally specifying tags.
    * @param {string} stat The dot-separated metric name.
    * @param {number} value The amount to increment the stat by.
-   * @param {[tag:string]:string|number} tags Tags to pass along, such as `[ 'foo:bar' ]`. Values are combined with config.tags.
+   * @param {[tag:string]:string|number} tags Tags to pass along, such as `{ foo: 'bar' }`. Values are combined with config.tags.
    */
   distribution(stat: string, value?: number, tags?: { [tag: string]: string|number }): void
 
@@ -673,7 +673,7 @@ export declare interface DogStatsD {
    * Sets a gauge value, optionally specifying tags.
    * @param {string} stat The dot-separated metric name.
    * @param {number} value The amount to increment the stat by.
-   * @param {[tag:string]:string|number} tags Tags to pass along, such as `[ 'foo:bar' ]`. Values are combined with config.tags.
+   * @param {[tag:string]:string|number} tags Tags to pass along, such as `{ foo: 'bar' }`. Values are combined with config.tags.
    */
   gauge(stat: string, value?: number, tags?: { [tag: string]: string|number }): void
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "4.14.0",
+  "version": "4.15.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -18,7 +18,7 @@
     "test:appsec": "mocha --colors --exit -r \"packages/dd-trace/test/setup/mocha.js\" --exclude \"packages/dd-trace/test/appsec/**/*.plugin.spec.js\" \"packages/dd-trace/test/appsec/**/*.spec.js\"",
     "test:appsec:ci": "nyc --no-clean --include \"packages/dd-trace/src/appsec/**/*.js\" --exclude \"packages/dd-trace/test/appsec/**/*.plugin.spec.js\" -- npm run test:appsec",
     "test:appsec:plugins": "mocha --colors --exit -r \"packages/dd-trace/test/setup/mocha.js\" \"packages/dd-trace/test/appsec/**/*.@($(echo $PLUGINS)).plugin.spec.js\"",
-    "test:appsec:plugins:ci": "yarn services && nyc --no-clean --include \"packages/dd-trace/test/appsec/**/*.@($(echo $PLUGINS)).plugin.spec.js\" -- npm run test:appsec:plugins",
+    "test:appsec:plugins:ci": "yarn services && nyc --no-clean --include \"packages/dd-trace/src/appsec/**/*.js\" -- npm run test:appsec:plugins",
     "test:trace:core": "tap packages/dd-trace/test/*.spec.js \"packages/dd-trace/test/{ci-visibility,encode,exporters,opentelemetry,opentracing,plugins,service-naming,telemetry}/**/*.spec.js\"",
     "test:trace:core:ci": "npm run test:trace:core -- --coverage --nyc-arg=--include=\"packages/dd-trace/src/**/*.js\"",
     "test:instrumentations": "mocha --colors -r 'packages/dd-trace/test/setup/mocha.js' 'packages/datadog-instrumentations/test/**/*.spec.js'",

package/packages/datadog-instrumentations/src/graphql.js

@@ -188,7 +188,7 @@ function wrapExecute (execute) {
             executeErrorCh.publish(error)
           }
 
-          finishExecuteCh.publish({ res, args })
+          finishExecuteCh.publish({ res, args, context })
         })
       })
     }
@@ -205,7 +205,7 @@ function wrapResolve (resolve) {
 
     if (!context) return resolve.apply(this, arguments)
 
-    const field = assertField(context, info)
+    const field = assertField(context, info, args)
 
     return callInAsyncScope(resolve, field.asyncResource, this, arguments, (err) => {
       updateFieldCh.publish({ field, info, err })
@@ -250,7 +250,7 @@ function pathToArray (path) {
   return flattened.reverse()
 }
 
-function assertField (context, info) {
+function assertField (context, info, args) {
   const pathInfo = info && info.path
 
   const path = pathToArray(pathInfo)
@@ -272,7 +272,8 @@ function assertField (context, info) {
       childResource.runInAsyncScope(() => {
         startResolveCh.publish({
           info,
-          context
+          context,
+          args
         })
       })
 

package/packages/datadog-instrumentations/src/mysql.js

@@ -17,7 +17,7 @@ addHook({ name: 'mysql', file: 'lib/Connection.js', versions: ['>=2'] }, Connect
       return query.apply(this, arguments)
     }
 
-    const sql = arguments[0].sql ? arguments[0].sql : arguments[0]
+    const sql = arguments[0].sql || arguments[0]
     const conf = this.config
     const payload = { sql, conf }
 
@@ -66,9 +66,47 @@ addHook({ name: 'mysql', file: 'lib/Connection.js', versions: ['>=2'] }, Connect
 })
 
 addHook({ name: 'mysql', file: 'lib/Pool.js', versions: ['>=2'] }, Pool => {
+  const startPoolQueryCh = channel('datadog:mysql:pool:query:start')
+  const finishPoolQueryCh = channel('datadog:mysql:pool:query:finish')
+
   shimmer.wrap(Pool.prototype, 'getConnection', getConnection => function (cb) {
     arguments[0] = AsyncResource.bind(cb)
     return getConnection.apply(this, arguments)
   })
+
+  shimmer.wrap(Pool.prototype, 'query', query => function () {
+    if (!startPoolQueryCh.hasSubscribers) {
+      return query.apply(this, arguments)
+    }
+
+    const asyncResource = new AsyncResource('bound-anonymous-fn')
+
+    const sql = arguments[0].sql || arguments[0]
+
+    return asyncResource.runInAsyncScope(() => {
+      startPoolQueryCh.publish({ sql })
+
+      const finish = asyncResource.bind(function () {
+        finishPoolQueryCh.publish()
+      })
+
+      const cb = arguments[arguments.length - 1]
+      if (typeof cb === 'function') {
+        arguments[arguments.length - 1] = shimmer.wrap(cb, function () {
+          finish()
+          return cb.apply(this, arguments)
+        })
+      }
+
+      const retval = query.apply(this, arguments)
+
+      if (retval && retval.then) {
+        retval.then(finish).catch(finish)
+      }
+
+      return retval
+    })
+  })
+
   return Pool
 })

package/packages/datadog-plugin-graphql/src/resolve.js

@@ -8,13 +8,14 @@ class GraphQLResolvePlugin extends TracingPlugin {
   static get id () { return 'graphql' }
   static get operation () { return 'resolve' }
 
-  start ({ info, context }) {
+  start ({ info, context, args }) {
     const path = getPath(info, this.config)
 
     if (!shouldInstrument(this.config, path)) return
-
     const computedPathString = path.join('.')
 
+    addResolver(context, info, args)
+
     if (this.config.collapse) {
       if (!context[collapsedPathSym]) {
         context[collapsedPathSym] = {}
@@ -108,4 +109,28 @@ function withCollapse (responsePathAsArray) {
   }
 }
 
+function addResolver (context, info, args) {
+  if (info.rootValue && !info.rootValue[info.fieldName]) {
+    return
+  }
+
+  if (!context.resolvers) {
+    context.resolvers = {}
+  }
+
+  const resolvers = context.resolvers
+
+  if (!resolvers[info.fieldName]) {
+    if (args && Object.keys(args).length) {
+      resolvers[info.fieldName] = [args]
+    } else {
+      resolvers[info.fieldName] = []
+    }
+  } else {
+    if (args && Object.keys(args).length) {
+      resolvers[info.fieldName].push(args)
+    }
+  }
+}
+
 module.exports = GraphQLResolvePlugin

package/packages/dd-trace/src/appsec/addresses.js

@@ -12,6 +12,7 @@ module.exports = {
   HTTP_INCOMING_RESPONSE_CODE: 'server.response.status',
   HTTP_INCOMING_RESPONSE_HEADERS: 'server.response.headers.no_cookies',
   // TODO: 'server.response.trailers',
+  HTTP_INCOMING_GRAPHQL_RESOLVERS: 'graphql.server.all_resolvers',
 
   HTTP_CLIENT_IP: 'http.client_ip',
 

package/packages/dd-trace/src/appsec/channels.js

@@ -5,6 +5,7 @@ const dc = require('../../../diagnostics_channel')
 // TODO: use TBD naming convention
 module.exports = {
   bodyParser: dc.channel('datadog:body-parser:read:finish'),
+  graphqlFinishExecute: dc.channel('apm:graphql:execute:finish'),
   incomingHttpRequestStart: dc.channel('dd-trace:incomingHttpRequestStart'),
   incomingHttpRequestEnd: dc.channel('dd-trace:incomingHttpRequestEnd'),
   passportVerify: dc.channel('datadog:passport:verify:finish'),

package/packages/dd-trace/src/appsec/iast/analyzers/ldap-injection-analyzer.js

@@ -1,6 +1,9 @@
 'use strict'
 const InjectionAnalyzer = require('./injection-analyzer')
 const { LDAP_INJECTION } = require('../vulnerabilities')
+const { getNodeModulesPaths } = require('../path-line')
+
+const EXCLUDED_PATHS = getNodeModulesPaths('ldapjs-promise')
 
 class LdapInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {
@@ -10,6 +13,10 @@ class LdapInjectionAnalyzer extends InjectionAnalyzer {
   onConfigure () {
     this.addSub('datadog:ldapjs:client:search', ({ base, filter }) => this.analyzeAll(base, filter))
   }
+
+  _getExcludedPaths () {
+    return EXCLUDED_PATHS
+  }
 }
 
 module.exports = new LdapInjectionAnalyzer()

package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js

@@ -8,7 +8,7 @@ const { getIastContext } = require('../iast-context')
 const { addVulnerability } = require('../vulnerability-reporter')
 const { getNodeModulesPaths } = require('../path-line')
 
-const EXCLUDED_PATHS = getNodeModulesPaths('mysql2', 'sequelize', 'pg-pool')
+const EXCLUDED_PATHS = getNodeModulesPaths('mysql', 'mysql2', 'sequelize', 'pg-pool')
 
 class SqlInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {
@@ -20,37 +20,33 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
     this.addSub('apm:mysql2:query:start', ({ sql }) => this.analyze(sql, 'MYSQL'))
     this.addSub('apm:pg:query:start', ({ query }) => this.analyze(query.text, 'POSTGRES'))
 
-    this.addSub('datadog:sequelize:query:start', ({ sql, dialect }) => {
-      const parentStore = storage.getStore()
-      if (parentStore) {
-        this.analyze(sql, dialect.toUpperCase(), parentStore)
-
-        storage.enterWith({ ...parentStore, sqlAnalyzed: true, sequelizeParentStore: parentStore })
-      }
-    })
-
-    this.addSub('datadog:sequelize:query:finish', () => {
-      const store = storage.getStore()
-      if (store && store.sequelizeParentStore) {
-        storage.enterWith(store.sequelizeParentStore)
-      }
-    })
-
-    this.addSub('datadog:pg:pool:query:start', ({ query }) => {
-      const parentStore = storage.getStore()
-      if (parentStore) {
-        this.analyze(query.text, 'POSTGRES', parentStore)
-
-        storage.enterWith({ ...parentStore, sqlAnalyzed: true, pgPoolParentStore: parentStore })
-      }
-    })
-
-    this.addSub('datadog:pg:pool:query:finish', () => {
-      const store = storage.getStore()
-      if (store && store.pgPoolParentStore) {
-        storage.enterWith(store.pgPoolParentStore)
-      }
-    })
+    this.addSub(
+      'datadog:sequelize:query:start',
+      ({ sql, dialect }) => this.getStoreAndAnalyze(sql, dialect.toUpperCase())
+    )
+    this.addSub('datadog:sequelize:query:finish', () => this.returnToParentStore())
+
+    this.addSub('datadog:pg:pool:query:start', ({ query }) => this.getStoreAndAnalyze(query.text, 'POSTGRES'))
+    this.addSub('datadog:pg:pool:query:finish', () => this.returnToParentStore())
+
+    this.addSub('datadog:mysql:pool:query:start', ({ sql }) => this.getStoreAndAnalyze(sql, 'MYSQL'))
+    this.addSub('datadog:mysql:pool:query:finish', () => this.returnToParentStore())
+  }
+
+  getStoreAndAnalyze (query, dialect) {
+    const parentStore = storage.getStore()
+    if (parentStore) {
+      this.analyze(query, dialect, parentStore)
+
+      storage.enterWith({ ...parentStore, sqlAnalyzed: true, sqlParentStore: parentStore })
+    }
+  }
+
+  returnToParentStore () {
+    const store = storage.getStore()
+    if (store && store.sqlParentStore) {
+      storage.enterWith(store.sqlParentStore)
+    }
   }
 
   _getEvidence (value, iastContext, dialect) {

package/packages/dd-trace/src/appsec/index.js

@@ -4,15 +4,17 @@ const log = require('../log')
 const RuleManager = require('./rule_manager')
 const remoteConfig = require('./remote_config')
 const {
+  bodyParser,
+  graphqlFinishExecute,
   incomingHttpRequestStart,
   incomingHttpRequestEnd,
-  bodyParser,
   passportVerify,
   queryParser
 } = require('./channels')
 const waf = require('./waf')
 const addresses = require('./addresses')
 const Reporter = require('./reporter')
+const appsecTelemetry = require('./telemetry')
 const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
@@ -35,10 +37,13 @@ function enable (_config) {
 
     Reporter.setRateLimit(_config.appsec.rateLimit)
 
+    appsecTelemetry.enable(_config.telemetry)
+
     incomingHttpRequestStart.subscribe(incomingHttpStartTranslator)
     incomingHttpRequestEnd.subscribe(incomingHttpEndTranslator)
     bodyParser.subscribe(onRequestBodyParsed)
     queryParser.subscribe(onRequestQueryParsed)
+    graphqlFinishExecute.subscribe(onGraphqlFinishExecute)
 
     if (_config.appsec.eventTracking.enabled) {
       passportVerify.subscribe(onPassportVerify)
@@ -158,6 +163,20 @@ function onPassportVerify ({ credentials, user }) {
   passportTrackEvent(credentials, user, rootSpan, config.appsec.eventTracking.mode)
 }
 
+function onGraphqlFinishExecute ({ context }) {
+  const store = storage.getStore()
+  const req = store?.req
+
+  if (!req) return
+
+  const resolvers = context?.resolvers
+
+  if (!resolvers || typeof resolvers !== 'object') return
+
+  // Don't collect blocking result because it only works in monitor mode.
+  waf.run({ [addresses.HTTP_INCOMING_GRAPHQL_RESOLVERS]: resolvers }, req)
+}
+
 function handleResults (actions, req, res, rootSpan, abortController) {
   if (!actions || !req || !res || !rootSpan || !abortController) return
 
@@ -172,12 +191,15 @@ function disable () {
 
   RuleManager.clearAllRules()
 
+  appsecTelemetry.disable()
+
   remoteConfig.disableWafUpdate()
 
   // Channel#unsubscribe() is undefined for non active channels
+  if (bodyParser.hasSubscribers) bodyParser.unsubscribe(onRequestBodyParsed)
+  if (graphqlFinishExecute.hasSubscribers) graphqlFinishExecute.unsubscribe(onGraphqlFinishExecute)
   if (incomingHttpRequestStart.hasSubscribers) incomingHttpRequestStart.unsubscribe(incomingHttpStartTranslator)
   if (incomingHttpRequestEnd.hasSubscribers) incomingHttpRequestEnd.unsubscribe(incomingHttpEndTranslator)
-  if (bodyParser.hasSubscribers) bodyParser.unsubscribe(onRequestBodyParsed)
   if (queryParser.hasSubscribers) queryParser.unsubscribe(onRequestQueryParsed)
   if (passportVerify.hasSubscribers) passportVerify.unsubscribe(onPassportVerify)
 }

package/packages/dd-trace/src/appsec/reporter.js

@@ -3,6 +3,12 @@
 const Limiter = require('../rate_limiter')
 const { storage } = require('../../../datadog-core')
 const web = require('../plugins/util/web')
+const {
+  incrementWafInitMetric,
+  updateWafRequestsMetricTags,
+  incrementWafUpdatesMetric,
+  incrementWafRequestsMetric
+} = require('./telemetry')
 
 // default limiter, configurable with setRateLimit()
 let limiter = new Limiter(100)
@@ -63,6 +69,18 @@ function formatHeaderName (name) {
     .toLowerCase()
 }
 
+function reportWafInit (wafVersion, rulesInfo) {
+  metricsQueue.set('_dd.appsec.waf.version', wafVersion)
+
+  metricsQueue.set('_dd.appsec.event_rules.loaded', rulesInfo.loaded)
+  metricsQueue.set('_dd.appsec.event_rules.error_count', rulesInfo.failed)
+  if (rulesInfo.failed) metricsQueue.set('_dd.appsec.event_rules.errors', JSON.stringify(rulesInfo.errors))
+
+  metricsQueue.set('manual.keep', 'true')
+
+  incrementWafInitMetric(wafVersion, rulesInfo.version)
+}
+
 function reportMetrics (metrics) {
   // TODO: metrics should be incremental, there already is an RFC to report metrics
   const store = storage.getStore()
@@ -80,6 +98,8 @@ function reportMetrics (metrics) {
   if (metrics.rulesVersion) {
     rootSpan.setTag('_dd.appsec.event_rules.version', metrics.rulesVersion)
   }
+
+  updateWafRequestsMetricTags(metrics, store.req)
 }
 
 function reportAttack (attackData) {
@@ -132,6 +152,8 @@ function finishRequest (req, res) {
     metricsQueue.clear()
   }
 
+  incrementWafRequestsMetric(req)
+
   if (!rootSpan.context()._tags['appsec.event']) return
 
   const newTags = filterHeaders(res.getHeaders(), RESPONSE_HEADERS_PASSLIST, 'http.response.headers.')
@@ -151,8 +173,10 @@ module.exports = {
   metricsQueue,
   filterHeaders,
   formatHeaderName,
+  reportWafInit,
   reportMetrics,
   reportAttack,
+  reportWafUpdate: incrementWafUpdatesMetric,
   finishRequest,
   setRateLimit
 }

package/packages/dd-trace/src/appsec/telemetry.js

@@ -0,0 +1,132 @@
+'use strict'
+
+const telemetryMetrics = require('../telemetry/metrics')
+
+const appsecMetrics = telemetryMetrics.manager.namespace('appsec')
+
+const DD_TELEMETRY_WAF_RESULT_TAGS = Symbol('_dd.appsec.telemetry.waf.result.tags')
+
+const tags = {
+  REQUEST_BLOCKED: 'request_blocked',
+  RULE_TRIGGERED: 'rule_triggered',
+  WAF_TIMEOUT: 'waf_timeout',
+  WAF_VERSION: 'waf_version',
+  EVENT_RULES_VERSION: 'event_rules_version'
+}
+
+const metricsStoreMap = new WeakMap()
+
+let enabled = false
+
+function enable (telemetryConfig) {
+  enabled = telemetryConfig?.enabled && telemetryConfig.metrics
+}
+
+function disable () {
+  enabled = false
+}
+
+function getStore (req) {
+  let store = metricsStoreMap.get(req)
+  if (!store) {
+    store = {}
+    metricsStoreMap.set(req, store)
+  }
+  return store
+}
+
+function getVersionsTags (wafVersion, rulesVersion) {
+  return {
+    [tags.WAF_VERSION]: wafVersion,
+    [tags.EVENT_RULES_VERSION]: rulesVersion
+  }
+}
+
+function trackWafDurations (metrics, versionsTags) {
+  if (metrics.duration) {
+    appsecMetrics.distribution('waf.duration', versionsTags).track(metrics.duration)
+  }
+  if (metrics.durationExt) {
+    appsecMetrics.distribution('waf.duration_ext', versionsTags).track(metrics.durationExt)
+  }
+}
+
+function getOrCreateMetricTags ({ wafVersion, rulesVersion }, req, versionsTags) {
+  const store = getStore(req)
+
+  let metricTags = store[DD_TELEMETRY_WAF_RESULT_TAGS]
+  if (!metricTags) {
+    metricTags = {
+      [tags.REQUEST_BLOCKED]: false,
+      [tags.RULE_TRIGGERED]: false,
+      [tags.WAF_TIMEOUT]: false,
+
+      ...versionsTags
+    }
+    store[DD_TELEMETRY_WAF_RESULT_TAGS] = metricTags
+  }
+  return metricTags
+}
+
+function updateWafRequestsMetricTags (metrics, req) {
+  if (!req || !enabled) return
+
+  const versionsTags = getVersionsTags(metrics.wafVersion, metrics.rulesVersion)
+
+  trackWafDurations(metrics, versionsTags)
+
+  const metricTags = getOrCreateMetricTags(metrics, req, versionsTags)
+
+  const { blockTriggered, ruleTriggered, wafTimeout } = metrics
+
+  if (blockTriggered) {
+    metricTags[tags.REQUEST_BLOCKED] = blockTriggered
+  }
+  if (ruleTriggered) {
+    metricTags[tags.RULE_TRIGGERED] = ruleTriggered
+  }
+  if (wafTimeout) {
+    metricTags[tags.WAF_TIMEOUT] = wafTimeout
+  }
+
+  return metricTags
+}
+
+function incrementWafInitMetric (wafVersion, rulesVersion) {
+  if (!enabled) return
+
+  const versionsTags = getVersionsTags(wafVersion, rulesVersion)
+
+  appsecMetrics.count('waf.init', versionsTags).inc()
+}
+
+function incrementWafUpdatesMetric (wafVersion, rulesVersion) {
+  if (!enabled) return
+
+  const versionsTags = getVersionsTags(wafVersion, rulesVersion)
+
+  appsecMetrics.count('waf.updates', versionsTags).inc()
+}
+
+function incrementWafRequestsMetric (req) {
+  if (!req || !enabled) return
+
+  const store = getStore(req)
+
+  const metricTags = store[DD_TELEMETRY_WAF_RESULT_TAGS]
+  if (metricTags) {
+    appsecMetrics.count('waf.requests', metricTags).inc()
+  }
+
+  metricsStoreMap.delete(req)
+}
+
+module.exports = {
+  enable,
+  disable,
+
+  updateWafRequestsMetricTags,
+  incrementWafInitMetric,
+  incrementWafUpdatesMetric,
+  incrementWafRequestsMetric
+}

package/packages/dd-trace/src/appsec/waf/index.js

@@ -39,7 +39,7 @@ function update (newRules) {
   if (!waf.wafManager) throw new Error('Cannot update disabled WAF')
 
   try {
-    waf.wafManager.ddwaf.update(newRules)
+    waf.wafManager.update(newRules)
   } catch (err) {
     log.error('Could not apply rules from remote config')
     throw err

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -4,11 +4,12 @@ const log = require('../../log')
 const Reporter = require('../reporter')
 
 class WAFContextWrapper {
-  constructor (ddwafContext, requiredAddresses, wafTimeout, rulesInfo) {
+  constructor (ddwafContext, requiredAddresses, wafTimeout, rulesInfo, wafVersion) {
     this.ddwafContext = ddwafContext
     this.requiredAddresses = requiredAddresses
     this.wafTimeout = wafTimeout
-    this.rulesInfo = rulesInfo
+    this.rulesVersion = rulesInfo.version
+    this.wafVersion = wafVersion
   }
 
   run (params) {
@@ -32,13 +33,20 @@ class WAFContextWrapper {
 
       const end = process.hrtime.bigint()
 
+      const ruleTriggered = !!result.data && result.data !== '[]'
+      const blockTriggered = result.actions?.includes('block')
+
       Reporter.reportMetrics({
         duration: result.totalRuntime / 1e3,
         durationExt: parseInt(end - start) / 1e3,
-        rulesVersion: this.rulesInfo.version
+        rulesVersion: this.rulesVersion,
+        ruleTriggered,
+        blockTriggered,
+        wafVersion: this.wafVersion,
+        wafTimeout: result.timeout
       })
 
-      if (result.data && result.data !== '[]') {
+      if (ruleTriggered) {
         Reporter.reportAttack(result.data)
       }
 

package/packages/dd-trace/src/appsec/waf/waf_manager.js

@@ -11,7 +11,9 @@ class WAFManager {
     this.config = config
     this.wafTimeout = config.wafTimeout
     this.ddwaf = this._loadDDWAF(rules)
-    this._reportMetrics()
+    this.ddwafVersion = this.ddwaf.constructor.version()
+
+    Reporter.reportWafInit(this.ddwafVersion, this.ddwaf.rulesInfo)
   }
 
   _loadDDWAF (rules) {
@@ -28,18 +30,6 @@ class WAFManager {
     }
   }
 
-  _reportMetrics () {
-    Reporter.metricsQueue.set('_dd.appsec.waf.version', this.ddwaf.constructor.version())
-
-    const { loaded, failed, errors } = this.ddwaf.rulesInfo
-
-    Reporter.metricsQueue.set('_dd.appsec.event_rules.loaded', loaded)
-    Reporter.metricsQueue.set('_dd.appsec.event_rules.error_count', failed)
-    if (failed) Reporter.metricsQueue.set('_dd.appsec.event_rules.errors', JSON.stringify(errors))
-
-    Reporter.metricsQueue.set('manual.keep', 'true')
-  }
-
   getWAFContext (req) {
     let wafContext = contexts.get(req)
 
@@ -48,7 +38,8 @@ class WAFManager {
         this.ddwaf.createContext(),
         this.ddwaf.requiredAddresses,
         this.wafTimeout,
-        this.ddwaf.rulesInfo
+        this.ddwaf.rulesInfo,
+        this.ddwafVersion
       )
       contexts.set(req, wafContext)
     }
@@ -56,6 +47,12 @@ class WAFManager {
     return wafContext
   }
 
+  update (newRules) {
+    this.ddwaf.update(newRules)
+
+    Reporter.reportWafUpdate(this.ddwafVersion, this.ddwaf.rulesInfo.version)
+  }
+
   destroy () {
     if (this.ddwaf) {
       this.ddwaf.dispose()

package/packages/dd-trace/src/plugins/tracing.js

@@ -55,7 +55,7 @@ class TracingPlugin extends Plugin {
   start () {} // implemented by individual plugins
 
   finish () {
-    this.activeSpan.finish()
+    this.activeSpan?.finish()
   }
 
   error (error) {

package/packages/dd-trace/src/util.js

@@ -66,7 +66,7 @@ function globMatch (pattern, subject) {
 function calculateDDBasePath (dirname) {
   const dirSteps = dirname.split(path.sep)
   const packagesIndex = dirSteps.lastIndexOf('packages')
-  return dirSteps.slice(0, packagesIndex).join(path.sep) + path.sep
+  return dirSteps.slice(0, packagesIndex + 1).join(path.sep) + path.sep
 }
 
 module.exports = {